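<?php
// Poll create/edit page. Bootstraps the site library, requires a logged-in
// session, and restricts everything that follows to moderators and above.
require "include/bittorrent.php";
dbconn();
loggedinorreturn();

// Authorisation gate: the rest of the script writes to the polls, topics and
// posts tables, so nothing below may run for a lower user class.
if (get_user_class() < UC_MODERATOR)
{
  error("Permission denied.");
  // Defence in depth: error() lives in the include and presumably ends the
  // request itself (confirm there). If it ever returns, stop here rather than
  // fall through to the privileged code below.
  exit;
}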

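if ($_SERVER["REQUEST_METHOD"] == "POST")
{
  // NOTE(review): this state-changing POST is accepted on session authority
  // alone; no anti-CSRF token is verified in this script. Add a per-session
  // token check using whatever helper the project provides.

  // Read every field defensively. A missing key or a non-string value (for
  // example "question[]=x") becomes "", so no notice is printed before
  // header() and no array reaches sqlesc().
  $fields = array("action" => "", "returnto" => "", "question" => "", "sort" => "");
  foreach ($fields as $name => $unused)
  {
    if (isset($_POST[$name]) && is_string($_POST[$name]))
      $fields[$name] = $_POST[$name];
  }
  $action = $fields["action"];
  $returnto = htmlentities($fields["returnto"]); // only ever compared with "main" below
  $question = $fields["question"];
  // The form offers exactly two values and treats anything other than "no" as
  // "yes", so store one of those two instead of arbitrary client input.
  $sort = ($fields["sort"] == "no") ? "no" : "yes";

  // option0 .. option19, kept in an array instead of twenty separate variables.
  $options = array();
  for ($i = 0; $i < 20; $i++)
  {
    $key = "option" . $i;
    $options[$i] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
  }

  // Stays 0 on the create path so the redirect below never reads an undefined variable.
  $pollid = 0;

  // NOTE(review): the maxlength attributes in the form (60 / 40) are only a
  // browser hint; no length limit is enforced here on the server.
  // error() is presumably fatal (defined in the include) - confirm there.
  if (!$question || !$options[0] || !$options[1])
    error("Missing form data!");

  if ($action == "edit")
  {
    // Cast only scalars: (int) on an array yields 1 and would silently target poll 1.
    $pollid = (isset($_POST["pollid"]) && is_scalar($_POST["pollid"])) ? (int)$_POST["pollid"] : 0;
    if (!is_valid_id($pollid))
      error("Invalid ID.");

    // Every user-supplied value goes through sqlesc(); $pollid is an integer.
    $assignments = "question = " . sqlesc($question);
    foreach ($options as $i => $value)
      $assignments .= ", option" . $i . " = " . sqlesc($value);
    $assignments .= ", sort = " . sqlesc($sort);

    query("UPDATE polls SET " . $assignments . " WHERE id = $pollid") or sqlerr(__FILE__, __LINE__);
  }
  else
  {
    $forum_id = 2; // set the id of the forum, where you want the topic to be posted
    $time = get_date_time();
    $userid = (int)$CURUSER["id"]; // forced to an integer before it is placed in SQL unquoted

    // Forum post body: the question followed by one list item per non-empty option.
    $body = "$question\n\n";
    foreach ($options as $value)
    {
      if ($value != "")
        $body .= "[*] " . $value . "\n";
    }

    query("INSERT INTO topics (userid, subject, forumid) VALUES ($userid, " . sqlesc($question) . ", $forum_id)") or sqlerr(__FILE__, __LINE__);

    // Look the new topic up again. Taking the highest matching id means an
    // older topic with the same subject by the same user is never picked.
    // (The connection's last insert id would be the more direct source.)
    $res = query("SELECT id FROM topics WHERE subject = " . sqlesc($question) . " AND userid = $userid AND forumid = $forum_id ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);
    $topic_id = (mysql_num_rows($res) > 0) ? (int)mysql_result($res, 0) : 0;
    if ($topic_id < 1)
      sqlerr(__FILE__, __LINE__); // do not go on to build SQL around an empty id

    query("INSERT INTO posts (topicid, userid, added, body) VALUES ($topic_id, $userid, '$time', " . sqlesc($body) . ")") or sqlerr(__FILE__, __LINE__);
    $res = query("SELECT id FROM posts WHERE topicid = $topic_id AND userid = $userid AND added = '$time' ORDER BY id DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);
    $post_id = (mysql_num_rows($res) > 0) ? (int)mysql_result($res, 0) : 0;
    if ($post_id < 1)
      sqlerr(__FILE__, __LINE__);
    query("UPDATE topics SET lastpost=$post_id WHERE id=$topic_id") or sqlerr(__FILE__, __LINE__);

    // Column order as in the original statement: id, added, question,
    // option0..option19, sort, topic id.
    $values = "0, '$time', " . sqlesc($question);
    foreach ($options as $value)
      $values .= ", " . sqlesc($value);
    $values .= ", " . sqlesc($sort) . ", $topic_id";
    query("INSERT INTO polls VALUES(" . $values . ")") or sqlerr(__FILE__, __LINE__);
  }

  // Redirect targets are built only from the configured $SITEURL and an
  // integer id, never from request data.
  if ($returnto != "main" && $pollid)
    header("Location: $SITEURL/polls.php#$pollid");
  else
    header("Location: $SITEURL");
  exit; // nothing may be sent after the redirect header
}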

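else
{
  // GET request: render the form, pre-filled when an existing poll is edited.
  $action = (isset($_GET["action"]) && is_string($_GET["action"])) ? $_GET["action"] : "";

  // Defined on both paths so the template below never reads an undefined variable.
  $pollid = 0;
  $poll = array();

  if ($action == "edit")
  {
    // Cast only scalars: (int) on an array yields 1 and would silently load poll 1.
    $pollid = (isset($_GET["pollid"]) && is_scalar($_GET["pollid"])) ? (int)$_GET["pollid"] : 0;
    // error() is presumably fatal (defined in the include) - confirm there.
    if (!is_valid_id($pollid))
      error("Invalid ID.");
    $res = query("SELECT * FROM polls WHERE id = $pollid")
        or sqlerr(__FILE__, __LINE__);
    if (mysql_num_rows($res) == 0)
      error("No poll found with ID.");
    $poll = mysql_fetch_array($res);
    stdhead("Edit poll");
    print("<h1>Edit poll</h1>");
  }
  else
  {
    stdhead("Make poll");
    // Warn if current poll is less than 3 days old
    $res = query("SELECT question,added FROM polls ORDER BY added DESC LIMIT 1") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_assoc($res);
    if ($arr)
    {
      $hours = floor((time() - sql_timestamp_to_unix_timestamp($arr["added"])) / 3600);
      $days = floor($hours / 24);
      if ($days < 3)
      {
        $hours -= $days * 24;
        if ($days)
          $t = "$days day" . ($days > 1 ? "s" : "");
        else
          $t = "$hours hour" . ($hours != 1 ? "s" : "");
        // The POST handler in this script stores the question as submitted,
        // so it is HTML-escaped here on output.
        print("<p><font color=red><b>Note: The current poll (<i>" . htmlspecialchars($arr["question"], ENT_QUOTES) . "</i>) is only $t old.</b></font></p>");
      }
    }
    print("<h1>Make poll</h1>");
  }

  // Everything printed into the form is escaped for an HTML attribute first.
  // The charset argument is left at the PHP default; pass the site charset if
  // it differs.
  $question_html = isset($poll["question"]) ? htmlspecialchars($poll["question"], ENT_QUOTES) : "";
  $sort_is_no = isset($poll["sort"]) && $poll["sort"] == "no";
  // returnto comes straight from the query string. Unescaped and unquoted it
  // would let a crafted link inject markup into this moderator-only page.
  $returnto_html = (isset($_GET["returnto"]) && is_string($_GET["returnto"])) ? htmlspecialchars($_GET["returnto"], ENT_QUOTES) : "";
  // NOTE(review): the form carries no anti-CSRF token; add a hidden token field
  // once the POST handler verifies one.
?>

<table border=1 cellspacing=0 cellpadding=5><form method=post action=makepoll.php>
<tr><td class=rowhead>Question <font color=red>*</font></td><td align=left><input name=question size=60 maxlength=60 value="<?php echo $question_html; ?>"></td></tr>
<?php
  // Rows for option0 .. option19; the first two are marked as required.
  for ($i = 0; $i < 20; $i++)
  {
    $key = "option" . $i;
    $value_html = isset($poll[$key]) ? htmlspecialchars($poll[$key], ENT_QUOTES) : "";
    $required = ($i < 2) ? " <font color=red>*</font>" : "";
    print("<tr><td class=rowhead>Option " . ($i + 1) . $required . "</td><td align=left><input name=" . $key . " size=60 maxlength=40 value=\"" . $value_html . "\"><br></td></tr>\n");
  }
?>
<tr><td class=rowhead>Sort</td><td>
<input type=radio name=sort value=yes <?php echo $sort_is_no ? "" : " checked"; ?>>Yes
<input type=radio name=sort value=no <?php echo $sort_is_no ? " checked" : ""; ?>> No
</td></tr>
<tr><td colspan=2 align=center><input type=submit value=<?php echo $pollid ? "'Edit poll'" : "'Make poll'"; ?> style='height: 20pt'></td></tr>
<input type=hidden name=pollid value="<?php echo $pollid ? $pollid : ""; ?>">
<input type=hidden name=action value=<?php echo $pollid ? "edit" : "create"; ?>>
<input type=hidden name=returnto value="<?php echo $returnto_html; ?>">
</form></table>
<p><font color=red>*</font> required</p>

<?php
stdfoot();
}
?>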